
wordpress | Disabling xmlrpc.php

 1 month ago
source link: https://benpaodewoniu.github.io/2024/04/06/wordpress19/

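I received a notice in AWS that my WordPress server was frequently intruding into other people's servers.

After a long investigation, I found that the problem was xmlrpc.php.

I use nginx, so I only need to add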

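# Deny every request for xmlrpc.php (case-insensitive; the dot is escaped so it matches only a literal ".")
location ~* ^/xmlrpc\.php$ {
    return 403;
}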

The fix can be tested as follows:

curl -Is domain-or-ip/xmlrpc.php | grep 'HTTP' | awk '{print $2}'

If the result is 405, the file is still not secure.

If the result is 403 or 404, the file is now protected.
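The one-liner above prints only the first status line, so a site that redirects HTTP to HTTPS reports 301, which is neither of the two outcomes. The shell sketch below is an added example, not from the original post: it follows redirects and classifies the final status using the 405 versus 403/404 rule above. The function names, the "inconclusive" label and the example.com sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify the HEAD response
# for /xmlrpc.php using the rule above (405 = exposed, 403/404 = protected).

# final_status: read `curl -Is` output on stdin and print the status code of
# the LAST response block, so redirect hops (301/302) are skipped when curl
# runs with -L. Accepts "HTTP/1.1 403 Forbidden" as well as "HTTP/2 403".
final_status() {
    tr -d '\r' |
        awk '/^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { code = $2 } END { print code }'
}

# verdict: map a status code to a label; "inconclusive" (an assumed label)
# covers everything the page does not interpret, e.g. 200, 5xx or no reply.
verdict() {
    case "$1" in
        403|404) echo "protected" ;;
        405)     echo "exposed" ;;
        *)       echo "inconclusive" ;;
    esac
}

# check_host: run the test against one base URL (needs network access).
check_host() {
    code=$(curl -IsL --max-time 10 "$1/xmlrpc.php" | final_status)
    echo "$1 ${code:-none} $(verdict "$code")"
}

# Constructed sample: an HTTP->HTTPS redirect followed by the nginx 403.
sample_redirect_then_403() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'Location: https://example.com/xmlrpc.php\r\n\r\n'
    printf 'HTTP/2 403 \r\nserver: nginx\r\n\r\n'
}

# Usage: sh check_xmlrpc.sh https://example.com [more base URLs...]
for host in "$@"; do
    check_host "$host"
done
```

Run it once over the plain HTTP URL and once over the HTTPS URL, since the two server blocks can carry different location rules.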

